Zcash could spell reemergence of mining botnets

Researchers noted that Zcash got off to a flying start within the first few hours of launch reaching a peak of $30,000 for 1ZEC.

Kaspersky Lab researchers warn the growing popularity of Zcash could result in the return of attackers infecting users with malicious miners.

The cryptocurrency, unlike Bitcoin, can be shielded to conceal the identity of the sender, the recipient and the value of all transaction and could attract the attention of cybercriminals interested in infecting users with mining malware, according to a Dec. 12 blog post.

Researchers noted that Zcash got off to a flying start within the first few hours of launch reaching a peak of $30,000 for 1ZEC however, also noted that only a few dozen of the coins were in existence at the time and the actual turnover was very low as the currency steadily declined against Bitcoin.

Despite the anticipated drop-off, Zcash mining has remained one of the most profitable compared to other cryptocurrencies and has led to the revival of cybercriminals creating botnets for Zcash mining. This business model was prevalent with Bitcoins a few years ago but phased out as the practice became less profitable, researchers said.

In November, researchers spotted cybercriminals getting users to unknowingly installing mining software on users' computers by disguising it as legitimate programs such as pirated software distributed via torrents. While there haven't been any cases of mass-mailings or vulnerabilities in websites being exploited to distribute mining software, researchers believe it's only a matter of time until these methods are used again as long as the cryptocurrency remains profitable.

So far the most popular mining software to date is “nheqminer” from the Micemash mining pool.

With possible price growth in the future, we'll likely see more and more botnets, Kaspersky Global Research and Analysis Team Chief Security Expert Alexander Gostev told SC Media via email comments.

“Right now there is mostly speculation about the market without real demand of ZCash from businesses (like we see for Bitcoin),” Gostev said. “But it is also profitable now – cybercriminals can earn a few bucks from every infected PC, every day.”

He went on to say that when the price of ZCash is more than $50/ZEC, we could see the botnets being used more as the value to be gained will be worth renting botnets as the price of renting the botnet will be less than the amount which can be gain from each infected users. Even mining with a small botnet of under a thousand bots is profitable, he said.

“I don't know what the current price for 1,000 bots is in the underground market, but I think it's about a few hundred US dollars per month,” Gostev said. “So while it can be profitable, the risk is that the profitability could decrease if the price of ZCash drops dramatically.”

Overall, Gostev said there is a big demand of more “private” currency in cybercrime as currencies and ZCash can solve problems with anonymity. He said at the current stage it looks like a safe harbor for them and that the only problem is the volatile market and price as when the price of ZEC stabilizes – more and more criminals will use it.

Despite the potential for harm the coins aren't only used by threat actors.

“Anonymous coins protect the privacy of users and we believe that everyone has the right to protect his/her privacy, Genesis Group Chief Financial Officer and Co-Founder Marco Krohn told SC Media via emailed comments. “However, people involved in illegal activities certainly will see benefits in using monero / zcash as well.”

He went on to say that Bitcoin already gave illegal businesses an opportunity to transact and that currencies like Zcash may seem more appealing to illegitimate businesses in that regard, but that he doesn't expect to see a major shift in activities because of it.

Get SC Media delivered to your inbox

Whitepaper of the Day

Newswire

Buzz

I would like to receive relevant information via email from Haymarket Media.

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.